@socketsecurity/cli-with-sentry 0.14.51 → 0.14.53

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@socketsecurity/cli-with-sentry",
-  "version": "0.14.51",
+  "version": "0.14.53",
   "description": "CLI tool for Socket.dev, includes Sentry error handling, otherwise identical to the regular `socket` package",
   "homepage": "http://github.com/SocketDev/socket-cli",
   "license": "MIT",
@@ -61,16 +61,16 @@
     "test": "run-s check test:*",
     "test:prepare": "cross-env VITEST=1 npm run build",
     "test:unit": "vitest --run",
+    "test:unit:update": "vitest --update",
     "test:unit:coverage": "vitest run --coverage",
     "test-ci": "run-s test:*",
-    "testu": "cross-env SOCKET_CLI_NO_API_TOKEN=1 run-s test:prepare test:unit -- --update",
+    "testu": "cross-env SOCKET_CLI_NO_API_TOKEN=1 run-s test:prepare test:unit:update",
     "update": "run-p --aggregate-output update:**",
     "update:deps": "npx --yes npm-check-updates"
   },
   "dependencies": {
     "@apideck/better-ajv-errors": "^0.3.6",
     "@cyclonedx/cdxgen": "^11.2.0",
-    "@npmcli/promise-spawn": "^8.0.2",
     "@octokit/rest": "^21.1.1",
     "@sentry/node": "9.3.0",
     "@socketregistry/hyrious__bun.lockb": "^1.0.13",
@@ -79,7 +79,7 @@
     "@socketregistry/is-unicode-supported": "^1.0.1",
     "@socketregistry/packageurl-js": "^1.0.2",
     "@socketsecurity/config": "^2.1.3",
-    "@socketsecurity/registry": "^1.0.107",
+    "@socketsecurity/registry": "^1.0.111",
     "@socketsecurity/sdk": "^1.4.5",
     "blessed": "^0.1.81",
     "blessed-contrib": "^4.11.0",
@@ -147,7 +147,7 @@
     "eslint-import-resolver-oxc": "^0.12.0",
     "eslint-plugin-depend": "^0.12.0",
     "eslint-plugin-import-x": "^4.6.1",
-    "eslint-plugin-n": "^17.15.1",
+    "eslint-plugin-n": "^17.16.1",
     "eslint-plugin-sort-destructure-keys": "^2.0.0",
     "eslint-plugin-unicorn": "^56.0.1",
     "husky": "^9.1.7",

package/dist/module-sync/debug.d.ts

@@ -1,3 +0,0 @@
-declare function isDebug(): boolean;
-declare function debugLog(...args: any[]): void;
-export { isDebug, debugLog };

package/dist/module-sync/npm.d.ts

@@ -1,26 +0,0 @@
-/// <reference types="npmcli__promise-spawn" />
-/// <reference types="node" />
-import spawn from '@npmcli/promise-spawn';
-import { Spinner } from '@socketsecurity/registry/lib/spinner';
-declare function isAuditFlag(cmdArg: string): boolean;
-declare function isFundFlag(cmdArg: string): boolean;
-declare function isLoglevelFlag(cmdArg: string): boolean;
-declare function isProgressFlag(cmdArg: string): boolean;
-type SpawnOption = Exclude<Parameters<typeof spawn>[2], undefined>;
-type SafeNpmInstallOptions = SpawnOption & {
-    args?: string[] | undefined;
-    ipc?: object | undefined;
-    spinner?: Spinner | undefined;
-};
-declare function safeNpmInstall(options?: SafeNpmInstallOptions): Promise<{
-    cmd: string;
-    args: string[];
-    code: number;
-    signal: NodeJS.Signals | null;
-    stdout: string;
-    stderr: string;
-} & Record<any, any>> & {
-    process: import("child_process").ChildProcess;
-    stdio: [import("stream").Writable | null, import("stream").Readable | null, import("stream").Readable | null, import("stream").Writable | import("stream").Readable | null | undefined, import("stream").Writable | import("stream").Readable | null | undefined];
-};
-export { isAuditFlag, isFundFlag, isLoglevelFlag, isProgressFlag, safeNpmInstall };

package/dist/module-sync/npm.js

@@ -1,113 +0,0 @@
-'use strict';
-
-function _socketInterop(e) {
-  let c = 0
-  for (const k in e ?? {}) {
-    c = c === 0 && k === 'default' ? 1 : 0
-    if (!c && k !== '__esModule') break
-  }
-  return c ? e.default : e
-}
-
-var process = require('node:process');
-var spawn = _socketInterop(require('@npmcli/promise-spawn'));
-var objects = require('@socketsecurity/registry/lib/objects');
-var npmPaths = require('./npm-paths.js');
-var constants = require('./constants.js');
-
-const {
-  SOCKET_IPC_HANDSHAKE,
-  abortSignal
-} = constants;
-const auditFlags = new Set(['--audit', '--no-audit']);
-const fundFlags = new Set(['--fund', '--no-fund']);
-
-// https://docs.npmjs.com/cli/v11/using-npm/logging#aliases
-const logFlags = new Set(['--loglevel', '-d', '--dd', '--ddd', '-q', '--quiet', '-s', '--silent']);
-const progressFlags = new Set(['--progress', '--no-progress']);
-function isAuditFlag(cmdArg) {
-  return auditFlags.has(cmdArg);
-}
-function isFundFlag(cmdArg) {
-  return fundFlags.has(cmdArg);
-}
-function isLoglevelFlag(cmdArg) {
-  // https://docs.npmjs.com/cli/v11/using-npm/logging#setting-log-levels
-  return cmdArg.startsWith('--loglevel=') || logFlags.has(cmdArg);
-}
-function isProgressFlag(cmdArg) {
-  return progressFlags.has(cmdArg);
-}
-function safeNpmInstall(options) {
-  const {
-    args = [],
-    ipc,
-    spinner,
-    ...spawnOptions
-  } = {
-    __proto__: null,
-    ...options
-  };
-  const terminatorPos = args.indexOf('--');
-  const npmArgs = (terminatorPos === -1 ? args : args.slice(0, terminatorPos)).filter(a => !isAuditFlag(a) && !isFundFlag(a) && !isProgressFlag(a));
-  const otherArgs = terminatorPos === -1 ? [] : args.slice(terminatorPos);
-  const useIpc = objects.isObject(ipc);
-  const useDebug = npmPaths.isDebug();
-  const isSilent = !useDebug && !npmArgs.some(isLoglevelFlag);
-  const isSpinning = spinner?.isSpinning ?? false;
-  if (!isSilent) {
-    spinner?.stop();
-  }
-  let spawnPromise = spawn(
-  // Lazily access constants.execPath.
-  constants.execPath, [
-  // Lazily access constants.nodeNoWarningsFlags.
-  ...constants.nodeNoWarningsFlags, '--require',
-  // Lazily access constants.npmInjectionPath.
-  constants.npmInjectionPath, npmPaths.getNpmBinPath(), 'install',
-  // Even though the '--silent' flag is passed npm will still run through
-  // code paths for 'audit' and 'fund' unless '--no-audit' and '--no-fund'
-  // flags are passed.
-  '--no-audit', '--no-fund',
-  // Add `--no-progress` and `--silent` flags to fix input being swallowed
-  // by the spinner when running the command with recent versions of npm.
-  '--no-progress',
-  // Add the '--silent' flag if a loglevel flag is not provided and the
-  // SOCKET_CLI_DEBUG environment variable is not truthy.
-  ...(isSilent ? ['--silent'] : []), ...npmArgs, ...otherArgs], {
-    signal: abortSignal,
-    // Set stdio to include 'ipc'.
-    // See https://github.com/nodejs/node/blob/v23.6.0/lib/child_process.js#L161-L166
-    // and https://github.com/nodejs/node/blob/v23.6.0/lib/internal/child_process.js#L238.
-    stdio: isSilent ?
-    // 'ignore'
-    useIpc ? ['ignore', 'ignore', 'ignore', 'ipc'] : 'ignore' :
-    // 'inherit'
-    useIpc ? [0, 1, 2, 'ipc'] : 'inherit',
-    ...spawnOptions,
-    env: {
-      ...process.env,
-      ...spawnOptions.env
-    }
-  });
-  if (useIpc) {
-    spawnPromise.process.send({
-      [SOCKET_IPC_HANDSHAKE]: ipc
-    });
-  }
-  if (!isSilent && isSpinning) {
-    const oldSpawnPromise = spawnPromise;
-    spawnPromise = spawnPromise.finally(() => {
-      spinner?.start();
-    });
-    spawnPromise.process = oldSpawnPromise.process;
-    spawnPromise.stdin = spawnPromise.stdin;
-  }
-  return spawnPromise;
-}
-
-exports.isLoglevelFlag = isLoglevelFlag;
-exports.isProgressFlag = isProgressFlag;
-exports.safeNpmInstall = safeNpmInstall;
-//# debugId=e284aad0-2f5e-4bba-a5e4-010813e648a3
-//# sourceMappingURL=npm.js.map

package/dist/module-sync/npm.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"npm.js","sources":["../../src/utils/npm.ts"],"sourcesContent":["import process from 'node:process'\n\nimport spawn from '@npmcli/promise-spawn'\n\nimport { isObject } from '@socketsecurity/registry/lib/objects'\n\nimport { isDebug } from './debug'\nimport constants from '../constants'\nimport { getNpmBinPath } from '../shadow/npm-paths'\n\nimport type { Spinner } from '@socketsecurity/registry/lib/spinner'\n\nconst { SOCKET_IPC_HANDSHAKE, abortSignal } = constants\n\nconst auditFlags = new Set(['--audit', '--no-audit'])\n\nconst fundFlags = new Set(['--fund', '--no-fund'])\n\n// https://docs.npmjs.com/cli/v11/using-npm/logging#aliases\nconst logFlags = new Set([\n  '--loglevel',\n  '-d',\n  '--dd',\n  '--ddd',\n  '-q',\n  '--quiet',\n  '-s',\n  '--silent'\n])\n\nconst progressFlags = new Set(['--progress', '--no-progress'])\n\nexport function isAuditFlag(cmdArg: string) {\n  return auditFlags.has(cmdArg)\n}\n\nexport function isFundFlag(cmdArg: string) {\n  return fundFlags.has(cmdArg)\n}\n\nexport function isLoglevelFlag(cmdArg: string) {\n  // https://docs.npmjs.com/cli/v11/using-npm/logging#setting-log-levels\n  return cmdArg.startsWith('--loglevel=') || logFlags.has(cmdArg)\n}\n\nexport function isProgressFlag(cmdArg: string) {\n  return progressFlags.has(cmdArg)\n}\n\ntype SpawnOption = Exclude<Parameters<typeof spawn>[2], undefined>\n\ntype SafeNpmInstallOptions = SpawnOption & {\n  args?: string[] | undefined\n  ipc?: object | undefined\n  spinner?: Spinner | undefined\n}\n\nexport function safeNpmInstall(options?: SafeNpmInstallOptions) {\n  const {\n    args = [],\n    ipc,\n    spinner,\n    ...spawnOptions\n  } = <SafeNpmInstallOptions>{ __proto__: null, ...options }\n  const terminatorPos = args.indexOf('--')\n  const npmArgs = (\n    terminatorPos === -1 ? args : args.slice(0, terminatorPos)\n  ).filter(a => !isAuditFlag(a) && !isFundFlag(a) && !isProgressFlag(a))\n  const otherArgs = terminatorPos === -1 ? [] : args.slice(terminatorPos)\n  const useIpc = isObject(ipc)\n  const useDebug = isDebug()\n  const isSilent = !useDebug && !npmArgs.some(isLoglevelFlag)\n  const isSpinning = spinner?.isSpinning ?? false\n  if (!isSilent) {\n    spinner?.stop()\n  }\n  let spawnPromise = spawn(\n    // Lazily access constants.execPath.\n    constants.execPath,\n    [\n      // Lazily access constants.nodeNoWarningsFlags.\n      ...constants.nodeNoWarningsFlags,\n      '--require',\n      // Lazily access constants.npmInjectionPath.\n      constants.npmInjectionPath,\n      getNpmBinPath(),\n      'install',\n      // Even though the '--silent' flag is passed npm will still run through\n      // code paths for 'audit' and 'fund' unless '--no-audit' and '--no-fund'\n      // flags are passed.\n      '--no-audit',\n      '--no-fund',\n      // Add `--no-progress` and `--silent` flags to fix input being swallowed\n      // by the spinner when running the command with recent versions of npm.\n      '--no-progress',\n      // Add the '--silent' flag if a loglevel flag is not provided and the\n      // SOCKET_CLI_DEBUG environment variable is not truthy.\n      ...(isSilent ? ['--silent'] : []),\n      ...npmArgs,\n      ...otherArgs\n    ],\n    {\n      signal: abortSignal,\n      // Set stdio to include 'ipc'.\n      // See https://github.com/nodejs/node/blob/v23.6.0/lib/child_process.js#L161-L166\n      // and https://github.com/nodejs/node/blob/v23.6.0/lib/internal/child_process.js#L238.\n      stdio: isSilent\n        ? // 'ignore'\n          useIpc\n          ? ['ignore', 'ignore', 'ignore', 'ipc']\n          : 'ignore'\n        : // 'inherit'\n          useIpc\n          ? [0, 1, 2, 'ipc']\n          : 'inherit',\n      ...spawnOptions,\n      env: {\n        ...process.env,\n        ...spawnOptions.env\n      }\n    }\n  )\n  if (useIpc) {\n    spawnPromise.process.send({ [SOCKET_IPC_HANDSHAKE]: ipc })\n  }\n  if (!isSilent && isSpinning) {\n    const oldSpawnPromise = spawnPromise\n    spawnPromise = <typeof oldSpawnPromise>spawnPromise.finally(() => {\n      spinner?.start()\n    })\n    spawnPromise.process = oldSpawnPromise.process\n    ;(spawnPromise as any).stdin = (spawnPromise as any).stdin\n  }\n  return spawnPromise\n}\n"],"names":["abortSignal","args","__proto__","constants","signal","stdio","env","spawnPromise"],"mappings":";;;;;;;;;;;;;;;;;AAYA;;AAA8BA;AAAY;AAE1C;AAEA;;AAEA;AACA;AAWA;AAEO;AACL;AACF;AAEO;AACL;AACF;AAEO;AACL;AACA;AACF;AAEO;AACL;AACF;AAUO;;AAEHC;;;;AAIF;AAA6BC;;;AAC7B;AACA;AAGA;AACA;AACA;;AAEA;;;AAGA;;AAEE;;AAGE;AACA;AAEA;AACAC;AAGA;AACA;AACA;AACA;AAEA;AACA;;AAEA;AACA;AACA;AAKAC;AACA;AACA;AACA;AACAC;AACI;;AAIA;;AAIJ;AACAC;;AAEE;AACF;AACF;AAEF;AACEC;AAA4B;AAA4B;AAC1D;AACA;;AAEEA;;AAEA;AACAA;AACEA;AACJ;AACA;AACF;;;;","debugId":"e284aad0-2f5e-4bba-a5e4-010813e648a3"}

package/dist/require/npm.js

@@ -1,3 +0,0 @@
-'use strict'
-
-module.exports = require('../module-sync/npm.js')